cvelistv5 - cve-2016-1557

cve-2016-1557

Vulnerability from cvelistv5

Published

2017-04-21 15:00

Modified

2024-08-05 23:02

Severity ?

Summary

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html	Third Party Advisory, VDB Entry
cret@cert.org	http://seclists.org/fulldisclosure/2016/Feb/112	Mailing List, Third Party Advisory
cret@cert.org	https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Feb/112	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:02:11.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
          },
          {
            "name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-21T14:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
        },
        {
          "name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-1557",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
            },
            {
              "name": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic",
              "refsource": "CONFIRM",
              "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
            },
            {
              "name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-1557",
    "datePublished": "2017-04-21T15:00:00",
    "dateReserved": "2016-01-07T00:00:00",
    "dateUpdated": "2024-08-05T23:02:11.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1557\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-04-21T15:59:00.410\",\"lastModified\":\"2024-11-21T02:46:38.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.\"},{\"lang\":\"es\",\"value\":\"Netgear WNAP320, WNDAP350 y WNDAP360 en versiones anteriores a 3.5.5.0 revelan contrase\u00f1as inal\u00e1mbricas y nombres de usuario y contrase\u00f1as administrativos sobre SNMP.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.5.0\",\"matchCriteriaId\":\"CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.5.0\",\"matchCriteriaId\":\"CB422D25-D72D-445B-869D-4A5FBF285357\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C82A16C2-DC48-4792-A4C7-8AC43F84196D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.5.0\",\"matchCriteriaId\":\"FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7975D6EC-1816-4D52-8C87-77C1B6404120\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/Feb/112\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/Feb/112\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

ghsa-2hmp-62fm-hfpg

Vulnerability from github

Published

2022-05-17 02:47

Modified

2022-05-17 02:47

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-21T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.",
  "id": "GHSA-2hmp-62fm-hfpg",
  "modified": "2022-05-17T02:47:50Z",
  "published": "2022-05-17T02:47:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1557"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2016-1557

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.

Aliases

CVE-2016-1557

Aliases

CVE-2016-1557

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1557",
    "description": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.",
    "id": "GSD-2016-1557"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1557"
      ],
      "details": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.",
      "id": "GSD-2016-1557",
      "modified": "2023-12-13T01:21:23.947755Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2016-1557",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
          },
          {
            "name": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic",
            "refsource": "CONFIRM",
            "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
          },
          {
            "name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-1557"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
            },
            {
              "name": "20160225 D-Link, Netgear Router Vulnerabiltiies",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
            },
            {
              "name": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-04-27T19:53Z",
      "publishedDate": "2017-04-21T15:59Z"
    }
  }
}

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Netgear WNAP320 , WNDAP350 ,and WNDAP360 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Netgear is the world's leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear's various devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. Security flaws exist in several Netgear products. The following products and versions are affected: Netgear WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5.5.0. Hello,

We’d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne.

Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in boardData102.php, boardData103.php, boardDataJP.php, boardDataNA.php, and boardDataWW.php. This has been assigned CVE-2016-1555. Affected devices include:

Netgear WN604 Netgear WN802Tv2 Netgear WNAP210 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360

Several D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the 'dlink_uid' cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:

D-Link DAP-2310 D-Link DAP-2330 D-Link DAP-2360 D-Link DAP-2553 D-Link DAP-2660 D-Link DAP-2690 D-Link DAP-2695

Several Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:

D-Link DAP-1353 D-Link DAP-2553 D-Link DAP-3520 Netgear WNAP320 Netgear WNDAP350 Netgear WNDAP360

We have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March.

Thanks,

Dominic

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0305",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wndap360",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "3.0.5.0"
      },
      {
        "model": "wnap320",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "3.0.5.0"
      },
      {
        "model": "wndap350",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "netgear",
        "version": "3.0.5.0"
      },
      {
        "model": "wnap320",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "3.5.5.0"
      },
      {
        "model": "wndap350",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "3.5.5.0"
      },
      {
        "model": "wndap360",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "net gear",
        "version": "3.5.5.0"
      },
      {
        "model": "wnap320",
        "scope": null,
        "trust": 0.6,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "wndap350",
        "scope": null,
        "trust": 0.6,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "wndap360",
        "scope": null,
        "trust": 0.6,
        "vendor": "netgear",
        "version": null
      },
      {
        "model": "wndap360",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "netgear",
        "version": "3.0.5.0"
      },
      {
        "model": "wndap350",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "netgear",
        "version": "3.0.5.0"
      },
      {
        "model": "wnap320",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "netgear",
        "version": "3.0.5.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:netgear:wnap320_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:netgear:wndap350_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:netgear:wndap360_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dominic Chen",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "135956"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2016-1557",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-1557",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-01689",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-90376",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-1557",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1557",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1557",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-01689",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-393",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90376",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Netgear WNAP320 , WNDAP350 ,and WNDAP360 Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Netgear is the world\u0027s leading enterprise network solution and advocate for digital home networking applications. There are information disclosure vulnerabilities in Netgear\u0027s various devices, and an attacker can exploit the vulnerability to obtain an administrator account and a wireless password. Security flaws exist in several Netgear products. The following products and versions are affected: Netgear WNAP320 prior to 3.5.5.0; WNDAP350 prior to 3.5.5.0; WNDAP360 prior to 3.5.5.0. Hello,\n\nWe\u2019d like to report several vulnerabilities in embedded devices developed by D-Link and Netgear, which were discovered using our FIRMADYNE framework for emulation and dynamic analysis of Linux-based embedded devices. For more information, refer to our academic paper and open-source release at https://github.com/firmadyne/firmadyne. \n\nSeveral Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in `boardData102.php`, `boardData103.php`, `boardDataJP.php`, `boardDataNA.php`, and `boardDataWW.php`. This has been assigned CVE-2016-1555. Affected devices include:\n\nNetgear WN604\nNetgear WN802Tv2\nNetgear WNAP210\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nSeveral D-Link devices include a web server that is vulnerable to a buffer overflow while parsing the \u0027dlink_uid\u0027 cookie. The length of the value set in the cookie is obtained using strlen(), which is then passed to memcpy(), and the value is copied into a fixed-size buffer. This has been assigned CVE-2016-1558. Affected devices include:\n\nD-Link DAP-2310\nD-Link DAP-2330\nD-Link DAP-2360\nD-Link DAP-2553\nD-Link DAP-2660\nD-Link DAP-2690\nD-Link DAP-2695\n\nSeveral Netgear devices include unauthenticated webpages that disclose the wireless WPS PIN, allowing for information disclosure. This has been assigned CVE-2016-1556. This has been assigned CVE-2016-1557 for Netgear devices, and CVE-2016-1559 for D-Link devices. Affected devices include:\n\nD-Link DAP-1353\nD-Link DAP-2553\nD-Link DAP-3520\nNetgear WNAP320\nNetgear WNDAP350\nNetgear WNDAP360\n\nWe have not heard back from D-Link after contacting the vendor. Netgear will fix WN604 with firmware 3.3.3 by late February, but the tentative ETA for the remaining devices is mid-March. \n\nThanks,\n\nDominic\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1557"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "db": "PACKETSTORM",
        "id": "135956"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1557",
        "trust": 3.2
      },
      {
        "db": "PACKETSTORM",
        "id": "135956",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689",
        "trust": 0.6
      },
      {
        "db": "VULDB",
        "id": "81131",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-90376",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "db": "PACKETSTORM",
        "id": "135956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "id": "VAR-201704-0305",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90376"
      }
    ],
    "trust": 1.1813131366666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:54:09.613000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2016-1557 - Notification",
        "trust": 0.8,
        "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/135956/d-link-netgear-firmadyne-command-injection-buffer-overflow.html"
      },
      {
        "trust": 2.3,
        "url": "http://seclists.org/fulldisclosure/2016/feb/112"
      },
      {
        "trust": 1.7,
        "url": "https://kb.netgear.com/30482/cve-2016-1557-notification?cid=wmt_netgear_organic"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1557"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1557"
      },
      {
        "trust": 0.6,
        "url": "http://vuldb.com/?id.81131"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/firmadyne/firmadyne."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1559"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1555"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1558"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "db": "PACKETSTORM",
        "id": "135956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "db": "PACKETSTORM",
        "id": "135956"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "date": "2017-04-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "date": "2016-02-26T17:22:22",
        "db": "PACKETSTORM",
        "id": "135956"
      },
      {
        "date": "2016-03-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      },
      {
        "date": "2017-04-21T15:59:00.410000",
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01689"
      },
      {
        "date": "2017-04-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90376"
      },
      {
        "date": "2017-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      },
      {
        "date": "2017-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      },
      {
        "date": "2024-11-21T02:46:38.070000",
        "db": "NVD",
        "id": "CVE-2016-1557"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Netgear Information disclosure vulnerability in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008489"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-393"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2016-1557

Vulnerability from fkie_nvd

Published

2017-04-21 15:59

Modified

2024-11-21 02:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html	Third Party Advisory, VDB Entry
cret@cert.org	http://seclists.org/fulldisclosure/2016/Feb/112	Mailing List, Third Party Advisory
cret@cert.org	https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/Feb/112	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
netgear	wnap320_firmware	*
netgear	wnap320	-
netgear	wndap350_firmware	*
netgear	wndap350	-
netgear	wndap360_firmware	*
netgear	wndap360	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBCE4D2F-5A11-4043-8F3E-4C10D155A6ED",
              "versionEndIncluding": "3.0.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wnap320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E2613E9-CAF9-4C04-85BC-E10BDF4B0E74",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndap350_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB422D25-D72D-445B-869D-4A5FBF285357",
              "versionEndIncluding": "3.0.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndap350:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C82A16C2-DC48-4792-A4C7-8AC43F84196D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:wndap360_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1E8F1E-AB78-4C4B-BE0B-AE17E4636077",
              "versionEndIncluding": "3.0.5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:wndap360:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7975D6EC-1816-4D52-8C87-77C1B6404120",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP."
    },
    {
      "lang": "es",
      "value": "Netgear WNAP320, WNDAP350 y WNDAP360 en versiones anteriores a 3.5.5.0 revelan contrase\u00f1as inal\u00e1mbricas y nombres de usuario y contrase\u00f1as administrativos sobre SNMP."
    }
  ],
  "id": "CVE-2016-1557",
  "lastModified": "2024-11-21T02:46:38.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-21T15:59:00.410",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/Feb/112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/30482/CVE-2016-1557-Notification?cid=wmt_netgear_organic"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2016-1557

Vulnerability from cvelistv5

ghsa-2hmp-62fm-hfpg

Vulnerability from github

gsd-2016-1557

Vulnerability from gsd

var-201704-0305

Vulnerability from variot

fkie_cve-2016-1557

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature